git.osdn.net Git - android-x86/frameworks-base.git/commit

RESTRICT AUTOMERGE: Recover shady content:// paths.

The path-permission element offers prefix or regex style matching of
paths, but most providers internally use UriMatcher to decide what
to do with an incoming Uri.

This causes trouble because UriMatcher uses Uri.getPathSegments(),
which quietly ignores "empty" paths.  Consider this example:

    <path-permission android:pathPrefix="/private" ... />

    uriMatcher.addURI("com.example", "/private", CODE_PRIVATE);

    content://com.example//private

The Uri above will pass the security check, since it's not
technically a prefix match.  But the UriMatcher will then match it
as CODE_PRIVATE, since it ignores the "//" zero-length path.

Since we can't safely change the behavior of either path-permission
or UriMatcher, we're left with recovering these shady paths by
trimming away zero-length paths.

Bug: 112555574
Test: cts-tradefed run cts -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests
Change-Id: Ibadbfa4fc904ec54780c8102958735b03293fb9a
(cherry picked from commit a1ec7b115cc378f0547f10cf1074a5248d42d94f)

author	Jeff Sharkey <jsharkey@android.com>
	Mon, 24 Sep 2018 19:23:57 +0000 (13:23 -0600)
committer	android-build-team Robot <android-build-team-robot@google.com>
	Fri, 19 Oct 2018 16:33:00 +0000 (16:33 +0000)
commit	798aba1c22ad2b08be30040b3cf3c403d43c8acc
tree	0a24a1a8d45e06a676aad80c882818c9e0cdbd64	tree \| snapshot
parent	971c9beef06b549548ec82f61a0209b282b8c365	commit \| diff

core/java/android/content/ContentProvider.java		diff \| blob \| history
core/java/android/content/ContentProviderOperation.java		diff \| blob \| history